'CTM Arrangment' Scam
Cybercriminals are spreading corrupted emails carrying weaponized file attachments. The lure emails are presented as communication from a legitimate shipping company named JPS Ships Supply Service. Recipients should be warned that the JPS company has no connection to these emails and the threat actors are exploiting its name.
The fake emails are presented as a request for the arrangement of CTM for the sum of $124, 000. The subject line of the messages could be a variation of 'ARRANGEMENT CTM OF USD 124,000.' It is likely that CTM stands for Cash To Master, as the misleading messages ask recipients to review the information in the attached file and then provide their own banking details.
When the attached 'CTM Payment.xls' file is opened, it will appear blank. However, the corrupted code in the file will try to execute harmful macro commands to drop the LokiBot malware threat to the victim's device. The LokiBot Trojan is primarily focused on collecting confidential data from the systems it infects. The attackers could use the threat to establish keylogging routines as well. As a result, users may have their account credentials, banking information, payment details and other sensitive information compromised.